MySQL client: Make CA file configurable
authorJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 3 May 2017 09:54:38 +0000 (12:54 +0300)
committerJuan Antonio Osorio Robles <jaosorior@redhat.com>
Wed, 3 May 2017 11:53:21 +0000 (11:53 +0000)
It used to be hardcoded to use the OpenSSL default CA Bundle, however,
this will be changed in t-h-t.

Change-Id: I75bdaf71d88d169e64687a180cb13c1f63418a0f

manifests/profile/base/database/mysql/client.pp

index 014ef35..3de1e97 100644 (file)
 #   (Optional) Client IP address of the host that will be written in the mysql_read_default_file
 #   Defaults to undef
 #
+# [*ssl_ca*]
+#   (Optional) The SSL CA file to use to verify the MySQL server's certificate.
+#   Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'
+#
 # [*step*]
 #   (Optional) The current step in deployment. See tripleo-heat-templates
 #   for more details.
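Review bot: The new `ssl_ca` doc entry does not say when the value takes effect; in the last hunk it is only written inside the `if $enable_ssl` branch, so setting it with SSL disabled does nothing. I would extend the description to something like `#   (Optional) Absolute path to the PEM CA bundle used to verify the MySQL server's certificate. Only used when enable_ssl is true.` so operators do not assume the CA is enforced unconditionally.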
@@ -45,6 +49,7 @@ class tripleo::profile::base::database::mysql::client (
   $mysql_read_default_file   = '/etc/my.cnf.d/tripleo.cnf',
   $mysql_read_default_group  = 'tripleo',
   $mysql_client_bind_address = undef,
+  $ssl_ca                    = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt',
   $step                      = hiera('step'),
 ) {
   if $step >= 1 {
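Review bot: `$ssl_ca` is accepted without any check, so a relative path, an empty string or a non-string value from hiera would be written into the client configuration as-is. If puppetlabs-stdlib is available to this module (not visible here), a `validate_absolute_path($ssl_ca)` at the top of the class body would fail the catalog early rather than leave clients with an unusable or missing CA setting. The class body continues outside this hunk.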
@@ -68,7 +73,7 @@ class tripleo::profile::base::database::mysql::client (
     if $enable_ssl {
       $changes_ssl = [
         "set ${mysql_read_default_group}/ssl '1'",
-        "set ${mysql_read_default_group}/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'"
+        "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'"
       ]
     } else {
       $changes_ssl = [
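Review bot: On the `ssl-ca` line, `'${ssl_ca}'` is interpolated into a single-quoted Augeas value, so a path containing a single quote would end the value early and the `set` command would fail or store something other than the intended path. Now that the value is operator-supplied rather than a literal, it should be rejected or constrained before `$changes_ssl` is built, or the parameter doc should state that quotes are not allowed in the path. Separately, `ssl-ca` only gives the client a trust anchor; whether the server hostname is also checked depends on client options not visible in this hunk, which is worth confirming. The `else` branch continues outside the hunk.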